I just installed the debian version of 6.1.8740, and I enabled the signup service to test it out. When I tried adding a user, it says Sorry wrong Captcha. Please try again. Well there is no captcha displayed. Is this a known bug or did i miss a setting somewhere?

EDIT: this has to be a bug. It shows in IE 11 but not firefox (v49), nor Chrome (v54)EDIT2: is there a way to disable captcha? I don't really need it

Refused to load the script 'https://www.google.com/recaptcha/api.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Varela+Round:400' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Montserrat:400,700' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the script 'https://www.google.com/recaptcha/api.js' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information, see https://goo.gl/zmWq3m.

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Varela+Round:400' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Refused to load the stylesheet 'http://fonts.googleapis.com/css?family=Montserrat:400,700' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback..